Skip to content

Update github/codeql-action action to v4.35.3#2477

Open
renovate[bot] wants to merge 1 commit intodevelopfrom
renovate/github-codeql-action-4.x
Open

Update github/codeql-action action to v4.35.3#2477
renovate[bot] wants to merge 1 commit intodevelopfrom
renovate/github-codeql-action-4.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 18, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
github/codeql-action action patch v4.35.1v4.35.3

Release Notes

github/codeql-action (github/codeql-action)

v4.35.3

Compare Source

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #​3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #​3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #​3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #​3852
  • Update default CodeQL bundle version to 2.25.3. #​3865

v4.35.2

Compare Source

  • The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #​3795
  • The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #​3789
  • Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #​3794
  • Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #​3807
  • Update default CodeQL bundle version to 2.25.2. #​3823

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "every weekend"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/github-codeql-action-4.x branch from 7b62bdd to ad9be1f Compare April 20, 2026 16:31
@renovate renovate Bot force-pushed the renovate/github-codeql-action-4.x branch from ad9be1f to 3631a3d Compare May 1, 2026 17:48
@renovate renovate Bot changed the title Update github/codeql-action action to v4.35.2 Update github/codeql-action action to v4.35.3 May 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants